Democracy threatened as voting systems come under attack

Democracy threatened as voting systems come under attack

voting: all electoral systems are under threat from hackers

A better understanding of cyber security is needed in election supply chains if democracy is to be protected.
With Boris Johnson newly installed at No. 10 Downing Street, the thoughts of many people are inevitably turning to whether there will be a General Election in the UK within the next few months.
Future major elections, such as the upcoming 2020 US primaries, are increasingly likely to attract the attention of cyber attackers with a good chance of attacks being successful.
Huntsman Security has warned that, as more and more nations adopt electronic voting machines and online voting, the potential for subversion of the electoral process will increase.
And it’s not just voting machines where the problem lies. The IT systems used for voter registration and election organisation and counting are also open to abuse.
This is not only true at the point of voting but at every point of the supply chain. Every single supplier contributing to an election – from technology providers to local officials – has to be able resist attack and to guarantee that it has not been compromised.

Managing electoral cyber risks

The likelihood of attack is so high that governments must concentrate not only on prevention, but on reaction. They must ensure that they can detect a successful attack before it does too much damage or undermines the election. And there is a need for clear contingency plans on how to proceed if problems do occur at some point.
“We have seen widespread attempts to manipulate elections and public opinion through hostile media and social media activity, both overt and subtle,” said Piers Wilson, Head of Product Management at Huntsman Security. “However, direct disruption or manipulation of the process itself could cause chaos on a much larger scale.”
“No matter the motives of the attacker, and where the attack occurs, the reaction to any attack is critical. The longer problems are undetected, the worse it will be for the legitimacy of the result. Timescales of days or weeks are unacceptable. Governments need to identify and counter threats in real-time and be certain that every part of the election supply chain is protected.”

What’s the (cyber) problem?

To date, the majority of issues with electronic voting have been attributed to ageing, malfunctioning or mis-configured electronic voting machines. Tests of online voting services have also been hacked.
While attention has focused on these issues, there are many more threats throughout the wider process. For instance, attackers could hamper voter registration efforts, or the services that remote voters rely on to receive their ballots – online or otherwise.
Any organisation involved in an election, from private sector technology providers to government departments or voting organisers, will be seen as a legitimate target for attackers. Some will not be well protected.

Defending democracy from hackers

All organisations involved in an election, in even the smallest capacity, must therefore take appropriate security precautions. This is a large scale undertaking and it is important to get it right. There needs to be rigorous, constantly updated security preparedness with the right levels of oversight.
If an organisation is correctly prepared it can react appropriately when an attack does occur – identifying any breaches or problems quickly, quarantining threat, and taking the appropriate remediation or invoking a contingency plan.
Communication is essential as part of this. Contingency plans depend on where and when the attack occurs: from re-arranging voter registration or extending deadlines, to annulling the results of an election where fraud or disruption has been widespread or significant.
“Electronic voting may introduce threats, but this is no reason to abandon the use of technology. Used correctly it can still extend the franchise to more people than ever before and make elections and voting easier for everyone,” Piers Wilson said. “We’ve seen in other industries that having a clear real-time view of cyber security risk exposure is key. This needs to extend into the supply chain, the web of interconnected businesses that support the core activity.”
The operation of voter registration systems depends on technology, as do electronic voting systems. There can even be a technology element to the management of polling booths. It is vital to know how to defend all of these disparate systems.
Democracy is precious. And there will always be people looking to disrupt it. Governments must be able to react swiftly to any attacks, and have the right contingency plans in place to keep the faith of the electorate.

Copyright Lyonsdown Limited 2021

Top Articles

Australian energy giant CS Energy suffers a ransomware attack

Australian energy company CS Energy suffered a ransomware attack on November 27 that targeted its corporate network.

Misconfiguration of a management user interface (UI) tool leads to exposure of mission-critical data

Kafdrop, a popular open-source Apache Kafka user and management interface had configuration flaws that provided criminals with access to event-streaming platform Apache Kafka used by more than 60 per cent…

ICO serves £500,000 fine to the Cabinet Office for New Year Honours data breach

The ICO has fined the Cabinet Office £500,000 for failing to prevent the leak of postal addresses of over 1,000 people who were among the 2020 New Year Honours recipients.

Related Articles

[s2Member-Login login_redirect=”” /]